From d1f28f50ebc18996cf60b1842819be8699251de0 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 12 Feb 2020 11:59:23 +0100
Subject: ssh: add flag to remove AllowUsers config option
---
 roles/sshd/tasks/main.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'roles')
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index d73d778b..a9393cfd 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -27,12 +27,21 @@
 notify: restart ssh

 - name: limit allowed users
+ when: ssh_allow_any_user is undefined or not ssh_allow_any_user
 lineinfile:
 dest: /etc/ssh/sshd_config
- regexp: "^AllowUsers"
+ regexp: "^AllowUsers\\s"
 line: "AllowUsers {{ ' '.join([ 'root' ] | union(ssh_allowusers_group | default([])) | union(ssh_allowusers_host | default([]))) }}"
 notify: restart ssh

+- name: allow any user
+ when: ssh_allow_any_user is defined and ssh_allow_any_user
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "^AllowUsers\\s"
+ state: absent
+ notify: restart ssh
+
 - name: install ssh keys for root
 authorized_key:
 user: root
--
cgit v1.2.3
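Review bot: Both new `when:` conditions test `ssh_allow_any_user` for bare truthiness, so a value that arrives as a string (for example `-e ssh_allow_any_user=false`, or a quoted inventory value) may be treated as true depending on the Ansible version, and the `allow any user` task would then delete the `AllowUsers` restriction from sshd_config. Because the failure direction is the permissive one, cast explicitly: `when: not (ssh_allow_any_user | default(false) | bool)` on `limit allowed users` and `when: ssh_allow_any_user | default(false) | bool` on `allow any user`. The new task would also benefit from a comment such as `# removes the AllowUsers restriction: every account that can authenticate may log in`, so the flag is only set on hosts where that is intended.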